hello TurboVNC community,
I am using TurboVNC 3.0 on client and server. On machine A,
I start a VNC server:
/opt/TurboVNC/bin/vncserver :1
Then I lock the session on A and go to machine B
(in this case they are in the same network, but in reality B could be
remote)
On machine B I connect to A:1 using:
/opt/TurboVNC/bin/vncviewer -Toolbar=0 -Shared=0 -MenuKey=F2 \
-Encoding=Tight -JPEG=1 -Quality=70 -CompressLevel=7 -Subsampling=4x \
A:1
I lock virtual session A:1 from B, and when I login again,
the physical session A:0 is also unlocked.
This is obviously a security problem.
If I log out cleanly on A (instead of locking the screen),
and redo the test, the problem is not reproducible any more
until I restart the VNC server on A.
~/.vnc/A:1.log looked unsuspicious (shall I post parts of it here?).
Also, if I do a switch user on a localhost:1 vncviewer session,
it triggers a switch user on :0. But I guess this is not supported.
Both machines are using Scientific Linux 7.9 ("Redhat7").
Many Thanks in Advance and Best Regards,
Felix
--
You received this message because you are subscribed to the Google Groups
"TurboVNC User Discussion/Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/turbovnc-users/865c852c-6741-42dc-a90e-96cd507c6608n%40googlegroups.com.
